Fix memory corruption bugs in BSM record parsing

fetch_newgroups_tok(3): clamp group count to AUDIT_MAX_GROUPS before the
loop to prevent a stack buffer overflow when a crafted record specifies
more than 16 groups.

fetch_execarg_tok(3), fetch_execenv_tok(3): add a bounds check at the
top of the string-walking loop to prevent an out-of-bounds read when the
previous string's nul byte is the last byte of the record buffer.

fetch_sock_unix_tok(3): clamp the memchr search length to the number of
bytes remaining in the buffer to prevent an out-of-bounds read on short
tokens. Also clamp slen to sizeof(path) to prevent a one-byte overflow
when no nul byte is found within the path data.

fetch_socket_tok: fix copy-paste error where the remote address was
written into l_addr instead of r_addr.

Previously reported by: @haginara

Define AU_UNIX_PATH_MAX as 108 (the largest sun_path across all
supported platforms) and use it in au_socketunix_t instead of the
hardcoded 104.

Update fetch_sock_unix_tok to derive its search bound from
sizeof(tok->tt.sockunix.path) so cross-platform records from Solaris and
Linux with paths up to 108 bytes parse correctly without truncation.

REF: https://github.com/openbsm/openbsm/pull/87
Reviewed by: kevans, markj
Differential Revision: https://reviews.freebsd.org/D56510
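
The two bounds checks described for the socket-path and exec-argument tokens, as an added stand-alone example that is not OpenBSM's code. All demo_* names, the big-endian family field and the choice to reject an unterminated path are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

#define DEMO_PATH_MAX 108 /* value the message gives for AU_UNIX_PATH_MAX */

struct demo_sockunix {
    unsigned short family;
    char path[DEMO_PATH_MAX];
};

/* Parse a 2-byte family (read big-endian here) plus a NUL-terminated path
 * at buf[off..len). Returns bytes consumed, or -1 if short or unterminated. */
int demo_parse_sockunix(const unsigned char *buf, size_t len,
    size_t off, struct demo_sockunix *out)
{
    if (off > len || len - off < 2)
        return -1;
    out->family = (unsigned short)((buf[off] << 8) | buf[off + 1]);
    off += 2;
    /* Search no further than the bytes left in the record or the
     * destination size, whichever is smaller. */
    size_t bound = len - off;
    if (bound > sizeof(out->path))
        bound = sizeof(out->path);
    const unsigned char *start = buf + off;
    const unsigned char *nul = memchr(start, '\0', bound);
    if (nul == NULL)
        return -1; /* this example rejects unterminated paths */
    size_t slen = (size_t)(nul - start) + 1; /* <= bound <= sizeof(path) */
    memcpy(out->path, start, slen);
    return (int)(2 + slen);
}

/* Walk `count` NUL-terminated strings starting at buf[off]. Returns the
 * offset just past the last one, or -1 if the record ends first. */
long demo_walk_strings(const unsigned char *buf, size_t len,
    size_t off, unsigned count)
{
    for (unsigned i = 0; i < count; i++) {
        if (off >= len) /* previous NUL was the record's last byte */
            return -1;
        const unsigned char *nul = memchr(buf + off, '\0', len - off);
        if (nul == NULL)
            return -1;
        off = (size_t)(nul - buf) + 1;
    }
    return (long)off;
}
```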